Package com.yubico.yubikit.fido.ctap

Interface PinUvAuthProtocol

All Known Implementing Classes:
PinUvAuthDummyProtocol, PinUvAuthProtocolV1, PinUvAuthProtocolV2
public interface PinUvAuthProtocol
A PIN/UV auth protocol (aka pinUvAuthProtocol) ensures that PINs are encrypted when sent to an authenticator and are exchanged for a pinUvAuthToken that serves to authenticate subsequent commands.

  • Method Summary

    Modifier and Type
    Method
    Description
    byte[]
    authenticate(byte[] key, byte[] message)
    Computes a MAC of the given message.
    byte[]
    decrypt(byte[] key, byte[] demCiphertext)
    Decrypts a ciphertext and returns the plaintext.
    com.yubico.yubikit.core.util.Pair<Map<Integer,?>,byte[]>
    encapsulate(Map<Integer,?> peerCoseKey)
    Generates an encapsulation for the authenticator’s public key and returns the message to transmit and the shared secret.
    byte[]
    encrypt(byte[] key, byte[] demPlaintext)
    Encrypts a plaintext to produce a ciphertext, which may be longer than the plaintext.
    int
    getVersion()
    Returns the version number of the PIN/UV Auth protocol.
    byte[]
    kdf(byte[] z)
    Computes shared secret

  • Method Details

    • getVersion

      int getVersion()
      Returns the version number of the PIN/UV Auth protocol.
      Returns:
      the version of the protocol

    • encapsulate

      com.yubico.yubikit.core.util.Pair<Map<Integer,?>,byte[]> encapsulate(Map<Integer,?> peerCoseKey)
      Generates an encapsulation for the authenticator’s public key and returns the message to transmit and the shared secret.
      Parameters:
      peerCoseKey - a public key returned by the YubiKey
      Returns:
      a Pair containing a keyAgreement to transmit, and the shared secret.

    • kdf

      byte[] kdf(byte[] z)
      Computes shared secret

    • encrypt

      byte[] encrypt(byte[] key, byte[] demPlaintext)
      Encrypts a plaintext to produce a ciphertext, which may be longer than the plaintext. The plaintext is restricted to being a multiple of the AES block size (16 bytes) in length.
      Parameters:
      key - the secret key to use
      demPlaintext - the value to encrypt
      Returns:
      the encrypted value

    • decrypt

      byte[] decrypt(byte[] key, byte[] demCiphertext)
      Decrypts a ciphertext and returns the plaintext.
      Parameters:
      key - the secret key to use
      demCiphertext - the value to decrypt
      Returns:
      the decrypted value

    • authenticate

      byte[] authenticate(byte[] key, byte[] message)
      Computes a MAC of the given message.
      Parameters:
      key - the secret key to use
      message - the message to sign
      Returns:
      a signature